PAM_RADIUS Authentication Setup for CentOS4.2

InCho Chong imagesincho at gmail.com
Wed Feb 22 00:56:36 CET 2006


Using FreeRadius 1.0.5

I have attempted using Toby Zimmerer's post, but have not yet been
able to get this work on CentOS 4.2.

CentOS4.2 should resemble RedHat ES closely.  I am just wondering, if
anyone has gotten this to work properly.

I am trying to use PAM_RADIUS, but having some issues. I am trying to
use the pam_radius_auth.so (I was able to compile it on CentOS4.2) to
use RADIUS as primary authentication and if RADIUS server is not
reachable, then use native unix_auth.

I have the client configured in RADIUS, I have created a
/etc/raddb/server file to point to the RADIUS servers, modified
/etc/pam.d/sshd as following:


#%PAM-1.0
# auth       required     pam_stack.so service=system-auth
auth       required     pam_radius_auth.so
# auth       required     pam_nologin.so
# account    required     pam_stack.so service=system-auth
account    required     pam_radius_auth.so
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so
But I am not getting the authentication to work.

/var/log/secure shows following:

Feb 16 12:44:53 eastern-dge-2 sshd[24372]: pam_radius_auth: DEBUG:
getservbyname(radius, udp) returned 2433732.

Feb 16 12:44:55 eastern-dge-2 sshd[24372]: Failed password for invalid
user ICHONG from ::ffff:172.25.1.190 port 4145

Feb 16 12:45:25 eastern-dge-2 sshd[24465]: Invalid user ichong from
::ffff:172.25.1.190

Feb 16 12:45:26 eastern-dge-2 sshd[24465]: pam_radius_auth: DEBUG:
getservbyname(radius, udp) returned 3883716.

Feb 16 12:45:29 eastern-dge-2 sshd[24465]: Failed password for invalid
user ichong from ::ffff:172.25.1.190 port 4146

/var/log/messages shows following:

Feb 16 12:44:53 eastern-dge-2 sshd(pam_unix)[24372]: check pass; user unknown

Feb 16 12:45:14 eastern-dge-2 sshd(pam_unix)[24372]: 1 more
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=172.25.1.190

Feb 16 12:45:26 eastern-dge-2 sshd(pam_unix)[24465]: check pass; user unknown

Feb 16 12:45:26 eastern-dge-2 sshd(pam_unix)[24465]: authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.25.1.190

Please help.

Thanks,
InCho




More information about the Freeradius-Devel mailing list